In one embodiment, an agent process associated with a particular application on a computing device intercepts outbound connection calls made by the particular application for a remote target host within a computer network, and determines an application context for the outbound connection call based on the particular application and one or more features of the outbound connection call. The agent process may then compare the application context against a set of application-context-aware firewall policies configured on the agent process, and determines whether to allow or not allow (block) the outbound connection call based on the comparing of the application context to the set of application-context-aware firewall policies.